CVE-2014-9626

Name of the Vulnerable Software and Affected Versions VLC media player versions prior to 2.1.6

Description The issue is related to an integer underflow in the MP4 demuxer, specifically in the MP4 ReadBox String function. This can be exploited by remote attackers using a specially crafted MP4 file with a box size less than 7, potentially allowing them to execute arbitrary code or cause a denial of service. The vulnerability is associated with errors in checking the length of string containers.

Recommendations For versions prior to 2.1.6, update to version 2.1.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of MP4 files from untrusted sources until the update is applied.